Vulnerabilities > SAP > Low

DATE CVE VULNERABILITY TITLE RISK
2021-01-12 CVE-2021-21447 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence 410/420
SAP BusinessObjects Business Intelligence platform, versions 410, 420, allows an authenticated attacker to inject a malicious JavaScript payload into the custom value input field of an Input Control, which can be executed by a user who views the relevant application content, leading to Stored Cross-Site Scripting.
network
sap CWE-79
3.5
2021-01-12 CVE-2021-21448 Unspecified vulnerability in SAP Graphical User Interface 7.60
SAP GUI for Windows, version - 7.60, allows an attacker to spoof logon credentials for Application Server ABAP backend systems in the client PC's memory.
local
low complexity
sap
2.1
2021-01-12 CVE-2021-21470 XXE vulnerability in SAP Enterprise Performance Management 1010/2.8
SAP EPM Add-in for Microsoft Office, version - 1010 and SAP EPM Add-in for SAP Analysis Office, version - 2.8, allows an authenticated attacker with user privileges to parse malicious XML files which could result in XXE-based attacks in applications that accept attacker-controlled XML configuration files.
local
low complexity
sap CWE-611
3.6
2020-12-09 CVE-2020-26816 Missing Encryption of Sensitive Data vulnerability in SAP Netweaver Application Server Java
SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, stores the key material of the SAP NetWeaver AS Java Key Storage service in the database in DER-encoded format without encrypting it.
low complexity
sap CWE-311
2.7
2020-11-30 CVE-2020-6317 Information Exposure vulnerability in SAP Adaptive Server Enterprise 15.7/16.0
In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files.
low complexity
sap CWE-200
2.7
2020-11-10 CVE-2020-26807 Incorrect Default Permissions vulnerability in SAP ERP Client for E-Bilanz 1.0
SAP ERP Client for E-Bilanz, version - 1.0, sets incorrect default filesystem permissions on its installation folder, which allows anyone to modify the files in the folder.
local
low complexity
sap CWE-276
2.1
2020-10-20 CVE-2020-6370 Cross-site Scripting vulnerability in SAP Netweaver Design Time Repository
SAP NetWeaver Design Time Repository (DTR), versions - 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.
network
sap CWE-79
3.5
2020-10-15 CVE-2020-6272 Cross-site Scripting vulnerability in SAP Commerce Cloud
SAP Commerce Cloud versions - 1808, 1811, 1905, 2005, does not sufficiently encode user inputs, which allows an authenticated and authorized content manager to inject malicious script into several web CMS components.
network
sap CWE-79
3.5
2020-10-15 CVE-2020-6368 Cross-site Scripting vulnerability in SAP Business Planning and Consolidation
SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting.
network
sap CWE-79
3.5
2020-09-09 CVE-2020-6312 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), versions - 4.1, 4.2, allows an attacker with a non-administrative user account that can edit certain web page properties to modify how a browser processes particular page elements, leading to stored Cross Site Scripting.
network
sap CWE-79
3.5